GHSA-q3mw-pvr8-9ggc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-q3mw-pvr8-9ggc/GHSA-q3mw-pvr8-9ggc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q3mw-pvr8-9ggc
- Aliases
- Related
- Published
- 2023-08-25T21:30:48Z
- Modified
- 2024-02-17T05:31:37.094178Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Apache Tomcat Open Redirect vulnerability
- Details
-
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
The vulnerability is limited to the ROOT (default) web application.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-41080
- https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
- https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
- https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
- https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
- https://github.com/apache/tomcat
- https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
- https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
- https://security.netapp.com/advisory/ntap-20230921-0006
- https://www.debian.org/security/2023/dsa-5521
- https://www.debian.org/security/2023/dsa-5522
Affected packages
Maven / org.apache.tomcat:tomcat
Package
- Name
- org.apache.tomcat:tomcat
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat
Maven / org.apache.tomcat:tomcat
Package
- Name
- org.apache.tomcat:tomcat
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat
Maven / org.apache.tomcat:tomcat
Package
- Name
- org.apache.tomcat:tomcat
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat
Affected versions
9.*
9.0.0.M1
9.0.0.M3
9.0.0.M4
9.0.0.M6
9.0.0.M8
9.0.0.M9
9.0.0.M10
9.0.0.M11
9.0.0.M13
9.0.0.M15
9.0.0.M17
9.0.0.M18
9.0.0.M19
9.0.0.M20
9.0.0.M21
9.0.0.M22
9.0.0.M25
9.0.0.M26
9.0.0.M27
9.0.1
9.0.2
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.0.10
9.0.11
9.0.12
9.0.13
9.0.14
9.0.16
9.0.17
9.0.19
9.0.20
9.0.21
9.0.22
9.0.24
9.0.26
9.0.27
9.0.29
9.0.30
9.0.31
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.40
9.0.41
9.0.43
9.0.44
9.0.45
9.0.46
9.0.48
9.0.50
9.0.52
9.0.53
9.0.54
9.0.55
9.0.56
9.0.58
9.0.59
9.0.60
9.0.62
9.0.63
9.0.64
9.0.65
9.0.67
9.0.68
9.0.69
9.0.70
9.0.71
9.0.72
9.0.73
9.0.74
9.0.75
9.0.76
9.0.78
9.0.79
Maven / org.apache.tomcat:tomcat
Package
- Name
- org.apache.tomcat:tomcat
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat
Affected versions
8.*
8.5.0
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6
8.5.8
8.5.9
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.19
8.5.20
8.5.21
8.5.23
8.5.24
8.5.27
8.5.28
8.5.29
8.5.30
8.5.31
8.5.32
8.5.33
8.5.34
8.5.35
8.5.37
8.5.38
8.5.39
8.5.40
8.5.41
8.5.42
8.5.43
8.5.45
8.5.46
8.5.47
8.5.49
8.5.50
8.5.51
8.5.53
8.5.54
8.5.55
8.5.56
8.5.57
8.5.58
8.5.59
8.5.60
8.5.61
8.5.63
8.5.64
8.5.65
8.5.66
8.5.68
8.5.69
8.5.70
8.5.71
8.5.72
8.5.73
8.5.75
8.5.76
8.5.77
8.5.78
8.5.79
8.5.81
8.5.82
8.5.83
8.5.84
8.5.85
8.5.86
8.5.87
8.5.88
8.5.89
8.5.90
8.5.91
8.5.92
Maven / org.apache.tomcat.embed:tomcat-embed-core
Package
- Name
- org.apache.tomcat.embed:tomcat-embed-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat.embed/tomcat-embed-core
Affected versions
8.*
8.5.0
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6
8.5.8
8.5.9
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.19
8.5.20
8.5.21
8.5.23
8.5.24
8.5.27
8.5.28
8.5.29
8.5.30
8.5.31
8.5.32
8.5.33
8.5.34
8.5.35
8.5.37
8.5.38
8.5.39
8.5.40
8.5.41
8.5.42
8.5.43
8.5.45
8.5.46
8.5.47
8.5.49
8.5.50
8.5.51
8.5.53
8.5.54
8.5.55
8.5.56
8.5.57
8.5.58
8.5.59
8.5.60
8.5.61
8.5.63
8.5.64
8.5.65
8.5.66
8.5.68
8.5.69
8.5.70
8.5.71
8.5.72
8.5.73
8.5.75
8.5.76
8.5.77
8.5.78
8.5.79
8.5.81
8.5.82
8.5.83
8.5.84
8.5.85
8.5.86
8.5.87
8.5.88
8.5.89
8.5.90
8.5.91
8.5.92
Maven / org.apache.tomcat.embed:tomcat-embed-core
Package
- Name
- org.apache.tomcat.embed:tomcat-embed-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat.embed/tomcat-embed-core
Affected versions
9.*
9.0.0.M1
9.0.0.M3
9.0.0.M4
9.0.0.M6
9.0.0.M8
9.0.0.M9
9.0.0.M10
9.0.0.M11
9.0.0.M13
9.0.0.M15
9.0.0.M17
9.0.0.M18
9.0.0.M19
9.0.0.M20
9.0.0.M21
9.0.0.M22
9.0.0.M25
9.0.0.M26
9.0.0.M27
9.0.1
9.0.2
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.0.10
9.0.11
9.0.12
9.0.13
9.0.14
9.0.16
9.0.17
9.0.19
9.0.20
9.0.21
9.0.22
9.0.24
9.0.26
9.0.27
9.0.29
9.0.30
9.0.31
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.40
9.0.41
9.0.43
9.0.44
9.0.45
9.0.46
9.0.48
9.0.50
9.0.52
9.0.53
9.0.54
9.0.55
9.0.56
9.0.58
9.0.59
9.0.60
9.0.62
9.0.63
9.0.64
9.0.65
9.0.67
9.0.68
9.0.69
9.0.70
9.0.71
9.0.72
9.0.73
9.0.74
9.0.75
9.0.76
9.0.78
9.0.79
Maven / org.apache.tomcat.embed:tomcat-embed-core
Package
- Name
- org.apache.tomcat.embed:tomcat-embed-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat.embed/tomcat-embed-core
Maven / org.apache.tomcat.embed:tomcat-embed-core
Package
- Name
- org.apache.tomcat.embed:tomcat-embed-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat.embed/tomcat-embed-core